Privacy Policy
We take your privacy seriously. Here's exactly what data we collect, why, and your rights over it.
Effective date: February 2026 · Last updated: February 2026
We collect minimal data
We only collect what is necessary to operate the service. We do not sell your data.
You are in control
You can request access, correction, or deletion of your personal data at any time.
No selling of data
We never sell, rent, or trade your personal information to third parties for marketing.
1. Data We Collect
We collect different types of data depending on how you use the site:
We collect standard server logs including IP address, browser type, pages visited, and referring URL. This data is used solely for security and aggregate analytics.
When you submit a patient story, we collect your name, cost information, procedure details, and a verification photo. This data is stored securely and published only after moderation approval.
We store your currency preference and dark mode setting in a cookie or session. No tracking or advertising cookies are used.
2. How We Use Your Data
- To operate and improve the platform, including displaying verified patient stories.
- To prevent spam, fraud, and abuse — particularly for patient story moderation.
- To honour your currency and display preferences across sessions.
- To respond to support requests or editorial corrections you contact us about.
- To comply with legal obligations, if required by applicable law or a valid legal process.
3. Data Retention
Server logs are retained for up to 90 days. Patient story data (including photos) is retained as long as the story is published on the platform. If a story is deleted or rejected, associated personal data is purged within 30 days.
4. Data Sharing
We do not sell or rent your personal data. We may share data with:
- Cloud infrastructure providers — for hosting and file storage (e.g. object storage for uploaded photos), under strict data processing agreements.
- Analytics services — only aggregate, anonymised analytics — no personally identifiable information.
- Legal authorities — only when required by a valid court order or legal obligation, and only to the extent required.
5. Your Rights
Depending on your jurisdiction (including GDPR for EU residents), you may have the following rights:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Ask us to correct inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ('right to be forgotten').
Right to Object
Object to processing of your data for certain purposes.
Data Portability
Receive your data in a structured, machine-readable format.
Withdraw Consent
Withdraw consent for any processing based on consent at any time.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
6. Security
We use industry-standard security practices including HTTPS encryption, secure cloud storage for uploaded files, and access controls to limit who can view personal data internally. However, no system is 100% secure and we cannot guarantee absolute security.
7. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will always reflect the most recent revision. For significant changes, we will add a notice on the site.